[GH-ISSUE #253] New certs and renewals fail #220

Closed
opened 2026-02-26 06:31:35 +03:00 by kerem · 7 comments
Owner

Originally created by @davidlesicnik on GitHub (Dec 11, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/253

Hello, I am facing an issue where I can't seem to create new LE certs or renew existing ones.

This is a snippet of the log where NPM attempted to automatically renew certs (I replaced the domain name with examples)

[12/11/2019] [11:28:29 AM] [SSL      ] › ℹ  info      Renewing SSL certs close to expiry...
[12/11/2019] [11:28:54 AM] [SSL      ] › ✖  error     Error: Command failed: /usr/bin/certbot renew -q
Attempting to renew cert (npm-10) from /etc/letsencrypt/renewal/npm-10.conf produced an unexpected error: Failed authorization procedure. domain1.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain1.example.com/.well-known/acme-challenge/4rRnZ2cdt5ehCAsoDs2QaoYCZgjC5Wbz5hH2Q2xpyy4 [5.32.143.57]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r". Skipping.
Attempting to renew cert (npm-11) from /etc/letsencrypt/renewal/npm-11.conf produced an unexpected error: Failed authorization procedure. domain2.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain2.example.com/.well-known/acme-challenge/QH7bZcLQKuIa9uU5MQ6LrtjJFueieCis_cxInDWs5oI [5.32.143.57]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r". Skipping.
Attempting to renew cert (npm-12) from /etc/letsencrypt/renewal/npm-12.conf produced an unexpected error: Failed authorization procedure. domain3.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain3.example.com/.well-known/acme-challenge/DrMMVI5igvk6u6WF3x3G_DbIZgJndv9nQtnMWoTFbwk [5.32.143.57]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r". Skipping.
Attempting to renew cert (npm-13) from /etc/letsencrypt/renewal/npm-13.conf produced an unexpected error: Failed authorization procedure. domain3.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain3.example.com/.well-known/acme-challenge/B3X3IptmwdZ_fpSMvoEWHhHVS2u_FnwSmv_yZ2f0cDQ [5.32.143.57]: 404. Skipping.
Attempting to renew cert (npm-14) from /etc/letsencrypt/renewal/npm-14.conf produced an unexpected error: Failed authorization procedure. domain4.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain4.example.com/.well-known/acme-challenge/O-5lUrY2-MHJ52YgFRKrAs6I9expoaN9cG9xwihAH4M [5.32.143.57]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/npm-10/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-11/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-12/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-13/fullchain.pem (failure)
  /etc/letsencrypt/live/npm-14/fullchain.pem (failure)
5 renew failure(s), 0 parse failure(s)

On the web interface, creating/renewing certs pops up an "Internal Error" code, and looking into the logs I get the same error:

[12/11/2019] [12:24:41 PM] [SSL      ] › ℹ  info      Renewing Let'sEncrypt certificates for Cert #14: domain2.example.com
[12/11/2019] [12:24:47 PM] [Express  ] › ⚠  warning   Command failed: /usr/bin/certbot renew -n --force-renewal --disable-hook-validation --cert-name "npm-14"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domain2.example.com
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (npm-14) from /etc/letsencrypt/renewal/npm-14.conf produced an unexpected error: Failed authorization procedure. domain2.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain2.example.com/.well-known/acme-challenge/oZSEFJ5wDV5xhuguhWjHbIHlPGjWrnuki3M1iXkDSmc [5.32.143.57]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/npm-14/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
kerem 2026-02-26 06:31:35 +03:00
  • closed this issue
  • added the
    stale
    label

@s4b3rt0oth commented on GitHub (Dec 26, 2019):

Is your server publicly accessible?


@NeoMatrixJR commented on GitHub (Feb 6, 2020):

Anyone sort this out? I'm having the EXACT same issue... and yes, the server is publicly accessible. When I try to reach one of my URLs I've got set up in NginxProxyManager I get a cert error; it shows my old LE cert that's out of date. Strangely, it says my site's set up for HSTS, so I can't even bypass it... but I never set that up.


@dariusateik commented on GitHub (Feb 6, 2020):

I had a problem with renewal; in my case it was this:
I had a testing proxy host; later I deleted it (the proxy host), but somehow the old file was not removed from the /letsencrypt/renewal directory. I just deleted the old (unused) npm-x.conf file and all certs renewed without any problems; maybe it is your case too?
Check all files in the /letsencrypt/renewal directory - if you find old / unused hosts in there, just delete the unneeded file and check whether the problem is solved.
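
The check described in the comment above, as an added example (not part of the thread and not NginxProxyManager code): it lists renewal configs that no nginx config references and cross-checks them against the cert names in certbot's failure output. It assumes the generated nginx configs reference certificates by their `/etc/letsencrypt/live/npm-N/` path and that you pass the directory holding those configs; the function names are hypothetical and the sample data is constructed.

```python
import re
import tempfile
from pathlib import Path

# Cert name in certbot's failure line, e.g. "(npm-10) from /etc/letsencrypt/renewal/npm-10.conf"
FAILED_RE = re.compile(r"Attempting to renew cert \((npm-\d+)\) from \S+ produced an unexpected error")
# Lineage referenced by an nginx config, e.g. /etc/letsencrypt/live/npm-10/fullchain.pem
LIVE_REF_RE = re.compile(r"/letsencrypt/live/(npm-\d+)/")

def failed_certs(certbot_output):
    """Cert names certbot reported as failing."""
    return set(FAILED_RE.findall(certbot_output))

def stale_renewals(renewal_dir, nginx_dir):
    """Renewal configs whose lineage no nginx config under nginx_dir references."""
    referenced = set()
    for conf in Path(nginx_dir).rglob("*.conf"):
        referenced.update(LIVE_REF_RE.findall(conf.read_text(errors="replace")))
    lineages = {p.stem for p in Path(renewal_dir).glob("npm-*.conf")}
    return lineages - referenced

def triage(certbot_output, renewal_dir, nginx_dir):
    """Split failures into those explained by a leftover config and those still in use."""
    failed = failed_certs(certbot_output)
    stale = stale_renewals(renewal_dir, nginx_dir)
    return {
        "stale_and_failing": sorted(failed & stale),   # candidates for removal
        "stale_only": sorted(stale - failed),          # leftover, not yet failing
        "failing_but_in_use": sorted(failed - stale),  # look elsewhere, e.g. public reachability
    }

def demo():
    """Run triage on a constructed layout (assumed paths, see the lead-in)."""
    log = "".join(   # constructed, in the shape of the log in the issue
        f"Attempting to renew cert (npm-{n}) from /etc/letsencrypt/renewal/npm-{n}.conf "
        "produced an unexpected error: Failed authorization procedure. Skipping.\n"
        for n in (10, 11))
    with tempfile.TemporaryDirectory() as d:
        renewal, nginx = Path(d, "renewal"), Path(d, "nginx", "proxy_host")
        renewal.mkdir(); nginx.mkdir(parents=True)
        for n in (10, 11, 12):
            (renewal / f"npm-{n}.conf").write_text("# constructed\n")
        # Only npm-10 and npm-12 still back a proxy host; npm-11 is the leftover.
        (nginx / "1.conf").write_text("ssl_certificate /etc/letsencrypt/live/npm-10/fullchain.pem;\n")
        (nginx / "2.conf").write_text("ssl_certificate /etc/letsencrypt/live/npm-12/fullchain.pem;\n")
        return triage(log, renewal, nginx.parent)

if __name__ == "__main__":
    print(demo())
```

The script only reports; whether to delete a flagged `npm-x.conf` stays a manual decision, since a certificate can exist in the manager without being attached to a host.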


@ghost commented on GitHub (Mar 29, 2020):

I got the same issue.


@SDekkers commented on GitHub (Jan 20, 2021):

Same issue here.


@github-actions[bot] commented on GitHub (Apr 1, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍


@github-actions[bot] commented on GitHub (May 11, 2025):

Issue was closed due to inactivity.
